Purported LulzSec member charged in Sony Pictures hack

Federal authorities have charged a second person with hacking Sony Pictures Entertainment last year to steal data belonging to roughly one million users.

Raynaldo Rivera, 20, of Tempe, Ariz. was booked on impairing a protected computer and conspiracy charges. If convicted, he faces up to 15 years in prison.

Rivera joins Cody Kretsinger as the second purported member of the former hacktivist outfit LulzSec to be charged in the breach. Kretsinger, who also is from Arizona, initially pleaded innocent, but later admitted guilt. He also faces up to 15 years in prison and is scheduled to be sentenced Oct. 25.

Authorities said Rivera joined Kretsinger in exploiting a common SQL injection vulnerability to gain access to internal Sony networks and websites, as part of a weeklong attack lasting from May 27, 2011 to June 2, 2011. The hack yielded the passwords, email addresses, home addresses, birth dates and other account information belonging to more than one million users, some of which publicly was posted.

At the time, LulzSec also claimed it made away with 3.5 million music coupon codes.

Rivera, whose online aliases are “neuron,” “royal” and “wildicv,” allegedly employed a proxy server to hide his IP address. It is unclear how authorities hunted him down, but it’s certainly possible LulzSec leader-turned-FBI informant Hector Monsegur, aka “Sabu,” may have helped. An FBI spokeswoman did not immediately respond to a request for comment.

Sony drew the ire of groups like LulzSec and Anonymous out of retaliation for the electronics giant pursuing legal action against George Hotz, a hacker who allegedly violated federal copyright law by jailbreaking the PlayStation 3. Both sides quietly settled the suit last year.